
Re: Protecting a web app from Postgresql injection

From: Josh <josh(at)globalherald(dot)net>
To: Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: Protecting a web app from Postgresql injection
Date: 2008-01-30 22:27:20
Message-ID: alpine.LRH.1.00.0801301724560.19793@home-av-server.home-av
Lists: pgsql-novice
Mary,

Are you using parameter substitution in your queries?  That is the best 
way to protect against these kinds of attacks.

What language are you using?  We can provide examples of this if you'd 
like.

Cheers,
-Josh

On Wed, 30 Jan 2008, Mary Anderson wrote:

> Date: Wed, 30 Jan 2008 13:48:59 -0800
> From: Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu>
> To: pgsql-novice(at)postgresql(dot)org
> Subject: [NOVICE] Protecting a web app from Postgresql injection
> 
> Hi all,
>   I have a web app I would like to protect against PostgreSQL injection. 
> What characters should I be on the lookout for?  Any suggestions for 
> enhancing the security of my app are welcome.
>
> Mary Anderson
>
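
Parameter substitution as recommended in the reply above, shown as an added example that is not part of the original thread. It uses Python's built-in sqlite3 module as a stand-in for PostgreSQL so it runs without a server; the table, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a small in-memory table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, note TEXT)")
    conn.executemany(
        "INSERT INTO accounts (owner, note) VALUES (?, ?)",
        [("mary", "demography data"), ("josh", "news archive"),
         ("o'brien", "quote in name")],
    )
    return conn

def lookup_concatenated(conn, owner):
    """Unsafe: the input is pasted into the SQL text, so it can change the query."""
    sql = "SELECT owner, note FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, owner):
    """Safe: the SQL text is fixed; the input travels separately as a value."""
    return conn.execute(
        "SELECT owner, note FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()

def compare(owner):
    """Run both lookups; return rows, or the error type the unsafe form raised."""
    conn = make_db()
    try:
        unsafe = lookup_concatenated(conn, owner)
    except sqlite3.Error as exc:
        unsafe = "error: " + type(exc).__name__
    safe = lookup_parameterized(conn, owner)
    conn.close()
    return unsafe, safe

if __name__ == "__main__":
    # A plain name, a legitimate name containing a quote, and input that
    # rewrites the WHERE clause when concatenated.
    for value in ["mary", "o'brien", "x' OR '1'='1"]:
        print(repr(value), compare(value))
```

The legitimate name `o'brien` breaks the concatenated query, which is why watching for particular characters is not a substitute for parameters. With a PostgreSQL driver such as psycopg2 the placeholder is written `%s` instead of `?`; the pattern is otherwise the same.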
